ð āļāļēāļĢāļāļąāđāļāļāđāļē SSL Certificate â
āļ āļēāļāļĢāļ§āļĄ â
Nextcloud NAS āđāļāđ Let's Encrypt SSL Certificate āļāđāļēāļ certbot
| āļĢāļēāļĒāļāļēāļĢ | āļāđāļē |
|---|---|
| Provider | Let's Encrypt |
| Domain | cloudcdm.contentsdigital.us |
| Expiry | Oct 2, 2026 |
| Auto-Renew | â Enabled |
āļāļēāļĢāļāļ Certificate āļāļĢāļąāđāļāđāļĢāļ â
bash
sudo certbot --nginx -d cloudcdm.contentsdigital.us --non-interactive --agree-tos --email [email protected]āļāđāļāļāļēāļĒāļļ Certificate â
bash
# āļāļĢāļ§āļāļŠāļāļāļ§āļąāļāļŦāļĄāļāļāļēāļĒāļļ
sudo certbot certificates
# āļāļāļŠāļāļāļāļēāļĢāļāđāļāļāļēāļĒāļļ (dry run)
sudo certbot renew --dry-run
# āļāđāļāļāļēāļĒāļļāļāļĢāļīāļ
sudo certbot renew
# āļĢāļĩāđāļŦāļĨāļ nginx āļŦāļĨāļąāļāļāđāļāļāļēāļĒāļļ
sudo systemctl reload nginxAuto-Renewal Timer â
bash
# āļāļĢāļ§āļāļŠāļāļ systemd timer
systemctl status certbot.timer
# āđāļŠāļāļ timer āļāļąāđāļāļŦāļĄāļ
systemctl list-timers | grep certbotCertificate Path â
/etc/letsencrypt/live/cloudcdm.contentsdigital.us/
âââ fullchain.pem # Certificate + Chain
âââ privkey.pem # Private Key
âââ cert.pem # Certificate only
âââ chain.pem # CA Chain onlyNginx SSL Configuration â
nginx
server {
listen 443 ssl;
server_name cloudcdm.contentsdigital.us;
ssl_certificate /etc/letsencrypt/live/cloudcdm.contentsdigital.us/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloudcdm.contentsdigital.us/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# ... proxy settings ...
}Cloudflare SSL Mode â
Cloudflare SSL āļāļ§āļĢāļāļąāđāļāđāļāđāļ Full āļŦāļĢāļ·āļ Full (strict) āđāļāļ·āđāļāđāļŦāđ Cloudflare āđāļāļ·āđāļāļĄāļāđāļāļāļąāļ Origin āļāđāļēāļ HTTPS:
- āđāļāđāļē Cloudflare Dashboard
- āđāļĨāļ·āļāļ domain â SSL/TLS â Overview
- āđāļĨāļ·āļāļ Full (strict)